[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.
https://www.yealink.com/ydmp-freetrial-2020


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Can't get T2X to accept LetsEncrypt Certificate
Author Message
mark@dark Offline
Junior Member
**

Posts: 2
Joined: Oct 2015
Reputation: 0
Post: #1
Can't get T2X to accept LetsEncrypt Certificate
Hi all

Testing on a T26P;
Firmware Version 6.73.0.50
Hardware Version 4.0.1.38

I have a LetsEncrypt FullChain key loaded in to our SIP server.

OpenSSL doesn't seem to have a problem with the cert chain;

# openssl s_client -connect abc.def.com:5061 -no_ssl2 -bugs
...
subject=/CN=abc.def.com
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
...
Verify return code: 0 (ok)


So back on the phone. If I set "trusted certs only" to disabled on the phone it connects fine.

Turning "trusted certs only" to enabled fails as I'd expect. As it doesn't yet have the root certs for LetsEncrypt.

However if I load either of the LetsEncrypt X3 Intermediate Certificates from https://letsencrypt.org/certificates/ in to the Trusted Certificates on the phone it still fails.

Looking at the phone logs it's seeing;

Jan 11 14:05:07 SIP [465]: SDL <6+info > [000] SSL_is_init_finished done
Jan 11 14:05:07 SIP [465]: SDL <6+info > [000] tls_connect: remote certificate: subject:/CN=abc.def.com
Jan 11 14:05:07 SIP [465]: SDL <6+info > [000] tls_connect: remote certificate: issuer: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
Jan 11 14:05:07 SIP [465]: SDL <3+error > [000] Failed to verify remote certificate
Jan 11 14:05:07 SIP [465]: SDL <6+info > [000] verification failure: unable to get local issuer certificate


So it's seeing the cert but doesn't seem to be matching it to the intermediate given in the web front end.



What have I missed?

I can't believe that nobody out there is using LetsEncrypt.

Cheers
Mark
01-11-2018 02:36 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Messages In This Thread
Can't get T2X to accept LetsEncrypt Certificate - mark@dark - 01-11-2018 02:36 PM

Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  wildcard certificate failing to be accepted with "only accept trusted certificates" kg4ysy 4 12,986 03-29-2016 10:16 PM
Last Post: kg4ysy
  certificate Paulo Batista 1 5,944 03-29-2016 05:08 AM
Last Post: Karl_Yealink
  Yealink v80 series Client Certificate Problem mehmetozi 2 9,542 12-02-2015 02:50 PM
Last Post: mehmetozi
  802.1x Certificate for PEAP clvgk 1 8,109 07-23-2015 08:01 AM
Last Post: James_Yealink

Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication